CVE-2013-0857

Name of the Vulnerable Software and Affected Versions libav versions prior to 1.1

Description The issue concerns multiple vulnerabilities in the libav package of the Debian GNU/Linux operating system, which can be exploited remotely to compromise the confidentiality, integrity, and availability of protected information. Specifically, the decode frame ilbm function in libavcodec/iff.c is affected by a vulnerability that allows remote attackers to have an impact via a crafted height value in IFF PBM/ILBM bitmap data.

Recommendations For libav versions prior to 1.1, update to version 1.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the decode frame ilbm function in libavcodec/iff.c to minimize the risk of exploitation. Avoid using the height value in IFF PBM/ILBM bitmap data until the issue is resolved.